Windows Azure Tackles Credit Card Security

In oddly fitting timing, Microsoft announced on Jan. 16 that its Windows Azure cloud platform has been validated to conform to Payment Card Industry Data Security Standards (PCI DSS 2.0), credit card industry policies and requirements that govern how merchant IT systems handle sensitive payment information.
"The PCI DSS is the global standard that any organization of any size must adhere to in order to accept payment cards, and to store, process, and/or transmit cardholder data," wrote Windows Azure General Manager Steven Martin in a company blog post. He added that his company's cloud "delivers a compliant framework" that enables customers to run their "own secure and compliant applications."
Microsoft revealed that Azure had achieved the validation, performed by independent Qualified Security Assessor (QSA) Neohapsis, as the controversy surrounding Target's massive credit card breach continues to rage. The retailer admitted on Dec. 19 that attackers had made off with information on roughly 40 million credit and debit card accounts, including names, debit/credit card numbers, expiration dates and the three-digit security code found on the backs of most cards.
The breach spanned the prime holiday shopping season, from Nov. 27 to Dec. 15. Gregg Steinhafel, Target chairman, president and CEO, said in a statement, "We take this matter very seriously and are working with law enforcement to bring those responsible to justice." On Jan. 10, the company revised its figures upward to 70 million customers affected, mirroring the TJX data breach in 2006 that saw its numbers rise to 96 million compromised accounts when the investigation concluded in 2007.

The culprit: memory-scraping malware on Target's point-of-sale terminals. Barring a sophisticated effort to infiltrate Microsoft's data centers, the software giant's cloud is unlikely to meet the same fate.